AUGUST 2015 NUMBER 8
WWW.NCUA.GOV
HIGHLIGHTS
Office of Examination and Insurance Report
NEW FFIEC ASSESSMENT TOOL CAN STRENGTHEN
2 Chairman’s Corner
Behind-the-Scenes
View of Regulatory
Relief Deliberations
A CREDIT UNION’S CYBER DEFENSES
3 A Strong Verification
Process Protects Apple
Pay Users
into NCUA’s exam approach after we give
credit unions and our examiners time to
immerse themselves into the tool and the
principles of effective cybersecurity.”
Never Underestimate
the Power of a
Compliment
4 Board Perspectives
New MBL Proposal:
Are Further Changes
in Order?
The potential for cybercrime is everywhere
these days. For credit unions, there are
potential vulnerabilities in the payments
system, and in its operations, critical systems
and even its employees. And no credit
union—from the smallest to the largest—is
immune to the dangers. Mitigating these
vulnerabilities can seem overwhelming, even
for the most seasoned of teams. Fortunately,
credit unions have a new tool to help guide
them through the process.
Fixed-Asset Rule
Provides Relief To
More Than 3,800
Federal Credit Unions
5 Board Actions
6 How the Overhead
Transfer Rate and
Operating Fee Work
The Federal Financial Institutions
Examination Council recently released its
Cybersecurity Assessment Tool to help
financial services institutions identify their
potential risks and vulnerabilities and assess
their cybersecurity preparedness. This tool
was developed after the FFIEC’s 2014
cybersecurity assessment pilot program
conducted on more than 500 institutions,
including more than 300 credit unions.
The FFIEC assessment tool features two
critical components. Both components are
designed to scale reasonably well for both
small and large institutions. The first piece
walks an institution through an assessment
of its inherent risk and inherent risk profile.
The profile identifies activities, services and
products under the following categories:
10 What to Consider
When Reviewing
Privileged Access
“The tool is designed to help institutions
address their cybersecurity concerns in an
effective, measureable and repeatable way,”
said Tim Segerson, Deputy Director of
NCUA’s Office of Examination and
Insurance. “The tool is optional and there is
no mandatory expectation of its use during
exams. However, our plan is over the long
term—around mid-2016—to put the tool
n Technologies and Connection Types.
Certain types of connections and
technologies may pose a higher inherent
risk depending on the complexity and
maturity, connections and nature of the
specific technology products or services.
This includes the number of Internet service
provider and third-party connections, the
number of unsecured connections, the use
of wireless access, volume of network
devices, end-of-life systems, extent of cloud
services and the use of personal devices.
12 Severe Weather Can
Destroy a Consumer’s
Financial Stability
n Delivery Channels. Various delivery
channels for products and services may
pose a higher inherent risk depending on
the nature of the specific product or service
offered. Inherent risk increases as the
CONTINUED ON PAGE 8
STAY CONNECTED
WITH WWW.NCUA.GOV
Connect with NCUA
at www.linkedin.com/company/ncua
Like NCUA at www.facebook.com/NCUAgov
Follow NCUA at www.twitter.com/thencua
Subscribe to NCUA at www.youtube.com/ncuachannel